[syslog-ng]new member
Ravi shetkar
syslog-ng@lists.balabit.hu
Sat, 2 Aug 2003 06:19:35 -0700 (PDT)
--0-907542157-1059830375=:54805
Content-Type: text/plain; charset=us-ascii
Hi
My name is Shetkar Ravi and AS i am new to syslog-ng I am interested to become a new syslog-ng member to learn more about syslog-ng.
I am currently working on logging server project. I searched the web and found lot of good things and recommendations about the syslog-ng and decided install and test in my solaris/HP/Aix environment.
I down loaded libol-0.3.9 and syslog-ng-1.6.0rc3 and installed and compiled on solaris 8 server.
I added /etc/syslog-ng/syslog-ng.conf file and modified the /etc/init.d/syslog file, but when try to start the syslog-ng (/etc/init.d/syslog start) it giving me following error on the console..
io.c: bind_inet_socket() bind failed 0.0.0.0:514 Address already in use
Need your help and suggestion for syslog-ng configuration...to make it work on my syslog -ng centralize logging server.
Do i need to install syslog-ng on all the clients also or the default syslog will work.?
and then what will be the syslog.conf file on clients.
Follwing are my configuration files..
/etc/syslog-ng/syslog-ng.conf file..
# more syslog-ng.conf
#
# Syslog-ng example configuration file for Solaris
#
#use_fqdn() add FQDN instead of short hostname
#use_dns() use DNS (may cause DOS)
#sync() number of lines buffered before written to file
#log_fifo_size() number of lines fitting to the output queue
#
#options { use_fqdn(no);
# keep_hostname(yes);
# use_dns(no);
# long_hostnames(off);
# sync(0);
# log_fifo_size(1000); };
options { sync(0); keep_hostname(yes); chain_hostnames(no);
log_fifo_size(30000); };
source s_local { sun-streams("/dev/log" door("/etc/.syslog_door"));
internal(); };
source s_net_udp { udp(); };
destination d_local { file("/logs/messages"); };
log { source(s_local); source(s_net_udp); destination(d_local); };
#
# local and network sources
#
# + will accept udp/tcp connections on port 514 from any host
# + keepalive option is for tcp only and will keep connection open
# when the SIGHUP signal is seen
#
#source s_stream { sun-streams("/dev/log" door("/etc/.syslog_door"); };
#source local { sun-streams("/dev/log" door("/etc/.syslog_door")); internal();};
#source network { udp(); tcp(); };
#source s_tcp { tcp(ip(127.0.0.1) port(19990) max-connections(10)); };
#Source s_udp { udp(); };
#
# standard destinations for local standard system messages
#
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination kern { file("/var/log/kern.log"); };
destination maillog { file("/var/log/maillog"); };
#
# special log destinations for our remote hosts
# (pixlog, switchlog) and for our IP Filter firewall (ipflog)
#
#destination ipflog { file("/var/log/ipf.log"); };
#destination pixlog { file("/var/log/pix.log"); };
#destination switchlog { file("/var/log/switch.log"); };
#
# Some log files used to catch remaining messages
#
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
#
# console destination
#
destination console { file("/dev/sysmsg"); };
#
# filters for standard local system messages which come
# in on non-local facilities
#
filter f_authpriv { facility(auth) ; };
filter f_syslog { not facility(auth) and not facility(mail); };
filter f_kern { facility(kern); };
filter f_mail { facility(mail); };
#
# filters for IPFilter and the Cisco equipment
#
#filter f_ipf { facility(local0); };
#filter f_pix { facility(local4); };
#filter f_switch { facility(local6, local7); };
#
# catch the rest
#
filter f_debug { not facility(kern, auth, mail, local6, local7, local4, local0); };
filter f_messages { level(info .. warn) and not facility(auth, mail, local0, local4
, local6, local7); };
#
# filters for various emergency level messages
#
filter f_emergency { level(emerg); };
#
# log emergency level messages out to console
#
log { source(local); filter(f_emergency); destination(console); };
#
# log messages from local machine
#
log { source(local); filter(f_authpriv); destination(authlog); };
log { source(local); filter(f_syslog); destination(syslog); };
log { source(local); filter(f_kern); destination(kern); };
log { source(local); filter(f_mail); destination(maillog); };
#
# log IP Filter messages to the ipf.log
#
#log { source(local); filter(f_ipf); destination(ipflog); };
#
# log switch and pix messages
#
#log { source(network); filter(f_pix); destination(pixlog); };
#log { source(network); filter(f_switch); destination(switchlog); };
#
# catch the rest of the messages
#
log { source(local); source(network); filter(f_debug); destination(debug); };
log { source(local); source(network); filter(f_messages); destination(messages); };
#
# Automatic sorting of host messages by $HOST and $YEAR$MONTH$DAY
#
# + will automatically create a directory structure for all messages
# sorted first by host, then by date, then by facility.
# + with use_dns(no) we will have files based on ip address not hostname
#
destination hosts { file("/var/log/HOSTS/$HOST/$YEAR$MONTH$DAY/$FACILITY" owner(roo
t) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };
#
# logs all incoming messages from network source to the sorted
# destination
#
log { source(network); destination(hosts); };
My /etc/init.d/syslog file is
# more syslog
#!/sbin/sh
#
# script to start syslog-ng on boot up for a Solaris machine.
# This script replaces /etc/init.d/syslog on a Solaris machine.
#
case "$1" in
'start')
if [ -f /etc/syslog-ng.conf -a -f /usr/local/sbin/syslog-ng ];
then
echo 'syslog-ng service starting.'
#
# Before syslogd starts, save any messages from previous
# crash dumps so that messages appear in chronological order.
#
/usr/bin/savecore -m
if [ -r /etc/dumpadm.conf ]; then
. /etc/dumpadm.conf
[ "x$DUMPADM_DEVICE" != xswap ] && \
/usr/bin/savecore -m -f $DUMPADM_DEVICE
fi
if [ ! -f /var/adm/messages ]; then
/usr/bin/cp /dev/null /var/adm/messages
/usr/bin/chmod 0644 /var/adm/messages
fi
/usr/local/sbin/syslog-ng >/dev/msglog 2>&1 &
fi
;;
'stop')
echo 'syslog-ng service stopping.'
if [ -f /var/run/syslog-ng.pid ]; then
syspid=`/usr/bin/cat /var/run/syslog-ng.pid`
[ "$syspid" -gt 0 ] && kill -15 $syspid
fi
;;
*)
echo "Usage: $0 { start | stop }"
exit 1
;;
esac
my daemon is in /usr/loca/sbin/syslog-ng
thanks for your help.
Shetkar Ravi
Unix systel Administrator.
WebMD
rshetkar@webmd.net
rshetkar88@yahoo.com
---------------------------------
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
--0-907542157-1059830375=:54805
Content-Type: text/html; charset=us-ascii
<DIV>Hi </DIV>
<DIV> </DIV>
<DIV>My name is Shetkar Ravi and AS i am new to syslog-ng I am interested to become a new syslog-ng member to learn more about syslog-ng.</DIV>
<DIV>I am currently working on logging server project. I searched the web and found lot of good things and recommendations about the syslog-ng and decided install and test in my solaris/HP/Aix environment.</DIV>
<DIV> </DIV>
<DIV>I down loaded libol-0.3.9 and syslog-ng-1.6.0rc3 and installed and compiled on solaris 8 server. </DIV>
<DIV> </DIV>
<DIV>I added /etc/syslog-ng/syslog-ng.conf file and modified the /etc/init.d/syslog file, but when try to start the syslog-ng (/etc/init.d/syslog start) it giving me following error on the console..</DIV>
<DIV> </DIV>
<DIV><STRONG>io.c: bind_inet_socket() bind failed 0.0.0.0:514 Address already in use</STRONG></DIV>
<DIV> </DIV>
<DIV>Need your help and suggestion for syslog-ng configuration...to make it work on my syslog -ng centralize logging server. </DIV>
<DIV> </DIV>
<DIV>Do i need to install syslog-ng on all the clients also or the default syslog will work.?</DIV>
<DIV>and then what will be the syslog.conf file on clients.</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>Follwing are my configuration files..</DIV>
<DIV> </DIV>
<DIV>/etc/syslog-ng/syslog-ng.conf file..</DIV>
<DIV># more syslog-ng.conf<BR>#<BR># Syslog-ng example configuration file for Solaris<BR>#<BR>#use_fqdn() add FQDN instead of short hostname<BR>#use_dns() use DNS (may cause DOS)<BR>#sync() number of lines buffered before written to file<BR>#log_fifo_size() number of lines fitting to the output queue<BR>#<BR>#options { use_fqdn(no); <BR># keep_hostname(yes); <BR># use_dns(no);
<BR># long_hostnames(off); <BR># sync(0); <BR># log_fifo_size(1000); };</DIV>
<DIV>options { sync(0); keep_hostname(yes); chain_hostnames(no);<BR>log_fifo_size(30000); };<BR>source s_local { sun-streams("/dev/log" door("/etc/.syslog_door"));<BR>internal(); };<BR>source s_net_udp { udp(); };<BR>destination d_local { file("/logs/messages"); };<BR>log { source(s_local); source(s_net_udp); destination(d_local); };</DIV>
<DIV>#<BR># local and network sources <BR>#<BR># + will accept udp/tcp connections on port 514 from any host<BR># + keepalive option is for tcp only and will keep connection open<BR># when the SIGHUP signal is seen<BR># <BR>#source s_stream { sun-streams("/dev/log" door("/etc/.syslog_door"); };<BR>#source local { sun-streams("/dev/log" door("/etc/.syslog_door")); internal();}; <BR>#source network { udp(); tcp(); };<BR>#source s_tcp { tcp(ip(127.0.0.1) port(19990) max-connections(10)); };<BR>#Source s_udp { udp(); };</DIV>
<DIV>#<BR># standard destinations for local standard system messages <BR>#<BR>destination authlog { file("/var/log/auth.log"); };<BR>destination syslog { file("/var/log/syslog"); };<BR>destination kern { file("/var/log/kern.log"); };<BR>destination maillog { file("/var/log/maillog"); };</DIV>
<DIV>#<BR># special log destinations for our remote hosts<BR># (pixlog, switchlog) and for our IP Filter firewall (ipflog) <BR>#<BR>#destination ipflog { file("/var/log/ipf.log"); };<BR>#destination pixlog { file("/var/log/pix.log"); };<BR>#destination switchlog { file("/var/log/switch.log"); };</DIV>
<DIV>#<BR># Some log files used to catch remaining messages<BR>#<BR>destination debug { file("/var/log/debug"); };<BR>destination messages { file("/var/log/messages"); };</DIV>
<DIV>#<BR># console destination<BR>#<BR>destination console { file("/dev/sysmsg"); };</DIV>
<DIV>#<BR># filters for standard local system messages which come<BR># in on non-local facilities<BR>#<BR>filter f_authpriv { facility(auth) ; };<BR>filter f_syslog { not facility(auth) and not facility(mail); };<BR>filter f_kern { facility(kern); };<BR>filter f_mail { facility(mail); };</DIV>
<DIV>#<BR># filters for IPFilter and the Cisco equipment<BR>#<BR>#filter f_ipf { facility(local0); };<BR>#filter f_pix { facility(local4); };<BR>#filter f_switch { facility(local6, local7); };</DIV>
<DIV>#<BR># catch the rest<BR>#<BR>filter f_debug { not facility(kern, auth, mail, local6, local7, local4, local0); };<BR>filter f_messages { level(info .. warn) and not facility(auth, mail, local0, local4<BR>, local6, local7); };</DIV>
<DIV>#<BR># filters for various emergency level messages<BR>#<BR>filter f_emergency { level(emerg); };</DIV>
<DIV>#<BR># log emergency level messages out to console<BR>#<BR>log { source(local); filter(f_emergency); destination(console); };</DIV>
<DIV>#<BR># log messages from local machine<BR>#<BR>log { source(local); filter(f_authpriv); destination(authlog); };<BR>log { source(local); filter(f_syslog); destination(syslog); };<BR>log { source(local); filter(f_kern); destination(kern); };<BR>log { source(local); filter(f_mail); destination(maillog); };</DIV>
<DIV>#<BR># log IP Filter messages to the ipf.log<BR>#<BR>#log { source(local); filter(f_ipf); destination(ipflog); };</DIV>
<DIV>#<BR># log switch and pix messages<BR>#<BR>#log { source(network); filter(f_pix); destination(pixlog); };<BR>#log { source(network); filter(f_switch); destination(switchlog); };</DIV>
<DIV>#<BR># catch the rest of the messages<BR>#<BR>log { source(local); source(network); filter(f_debug); destination(debug); };<BR>log { source(local); source(network); filter(f_messages); destination(messages); };</DIV>
<DIV>#<BR># Automatic sorting of host messages by $HOST and $YEAR$MONTH$DAY<BR># <BR># + will automatically create a directory structure for all messages<BR># sorted first by host, then by date, then by facility.<BR># + with use_dns(no) we will have files based on ip address not hostname<BR>#<BR>destination hosts { file("/var/log/HOSTS/$HOST/$YEAR$MONTH$DAY/$FACILITY" owner(roo<BR>t) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };</DIV>
<DIV>#<BR># logs all incoming messages from network source to the sorted <BR># destination<BR># <BR>log { source(network); destination(hosts); };</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>My /etc/init.d/syslog file is</DIV>
<DIV><BR># more syslog<BR>#!/sbin/sh<BR>#<BR># script to start syslog-ng on boot up for a Solaris machine. <BR># This script replaces /etc/init.d/syslog on a Solaris machine.<BR>#<BR>case "$1" in<BR>'start')<BR> if [ -f /etc/syslog-ng.conf -a -f /usr/local/sbin/syslog-ng ];<BR>then<BR> echo 'syslog-ng service starting.'<BR> #<BR> # Before syslogd starts, save any messages from previous<BR> # crash dumps so that messages appear in chronological order.<BR>
#<BR> /usr/bin/savecore -m<BR> if [ -r /etc/dumpadm.conf ]; then<BR> . /etc/dumpadm.conf<BR> [ "x$DUMPADM_DEVICE" != xswap ] && \<BR> /usr/bin/savecore -m -f $DUMPADM_DEVICE<BR> fi<BR> if [ !
-f /var/adm/messages ]; then<BR> /usr/bin/cp /dev/null /var/adm/messages<BR> /usr/bin/chmod 0644 /var/adm/messages<BR> fi<BR> /usr/local/sbin/syslog-ng >/dev/msglog 2>&1 &<BR> fi<BR> ;;</DIV>
<DIV>'stop')<BR> echo 'syslog-ng service stopping.'<BR> if [ -f /var/run/syslog-ng.pid ]; then<BR> syspid=`/usr/bin/cat /var/run/syslog-ng.pid`<BR> [ "$syspid" -gt 0 ] && kill -15 $syspid<BR> fi<BR> ;;</DIV>
<DIV>*)<BR> echo "Usage: $0 { start | stop }"<BR> exit 1<BR> ;;<BR>esac </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>my daemon is in /usr/loca/sbin/syslog-ng</DIV>
<DIV> </DIV>
<DIV>thanks for your help.</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>Shetkar Ravi</DIV>
<DIV>Unix systel Administrator.</DIV>
<DIV>WebMD</DIV>
<DIV><A href="mailto:rshetkar@webmd.net">rshetkar@webmd.net</A></DIV>
<DIV><A href="mailto:rshetkar88@yahoo.com">rshetkar88@yahoo.com</A></DIV>
<DIV> </DIV><p><hr SIZE=1>
Do you Yahoo!?<br>
<a href="http://us.rd.yahoo.com/evt=10469/*http://sitebuilder.yahoo.com">Yahoo! SiteBuilder</a> - Free, easy-to-use web site design software
--0-907542157-1059830375=:54805--